polarssl

mirror of https://github.com/cuberite/polarssl.git synced 2025-10-05 11:34:26 -04:00

Author	SHA1	Message	Date
Hanno Becker	95832d8872	Explicitly mark mbedtls_ssl_session.exported as private This was an oversight during concurrent merging in the run-up to Mbed TLS 3.0. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-07-22 11:37:01 +01:00
Dave Rodgman	dc1a3b2d70	Merge pull request #4724 from hanno-arm/ssl_hs_parse_error_3_0 Cleanup SSL error code space	2021-06-30 09:02:55 +01:00
Dave Rodgman	c628fc980f	Correct and clarify the SSL error code documentation Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-29 14:36:19 +01:00
Dave Rodgman	bb05cd09b7	Remove MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-29 10:41:06 +01:00
Dave Rodgman	53c8689e88	Introduce new TLS error codes Introduce new codes: * MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION * MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL These are returned when the corresponding alert is raised. Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-29 10:02:06 +01:00
Dave Rodgman	096c41111e	Remove MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-29 09:52:06 +01:00
Hanno Becker	b561bedadd	Make MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE more generic Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-28 12:35:08 +01:00
Hanno Becker	90d59dddf5	Remove MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-28 12:35:08 +01:00
Hanno Becker	c3411d4041	Remove MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-28 12:35:08 +01:00
Hanno Becker	9ed1ba5926	Rename MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE New name MBEDTLS_ERR_SSL_BAD_CERTIFICATE Also, replace some instances of MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE by MBEDTLS_ERR_SSL_DECODE_ERROR and MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER as fit. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-28 12:35:08 +01:00
Hanno Becker	5697af0d3d	Remove MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-28 12:35:08 +01:00
Hanno Becker	cbc8f6fd5d	Remove MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE Signed-off-by: Hanno Becker <hanno.becker@arm.com> Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-28 12:35:08 +01:00
Hanno Becker	a0ca87eb68	Remove MBEDTLS_ERR_SSL_BAD_HS_FINISHED Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-28 12:35:07 +01:00
Hanno Becker	d200296f17	Remove MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-28 12:35:07 +01:00
Hanno Becker	d934a2aafc	Remove MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-28 12:35:07 +01:00
Hanno Becker	d3eec78258	Remove MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-28 12:35:07 +01:00
Hanno Becker	666b5b45f7	Remove MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-28 12:35:07 +01:00
Hanno Becker	029cc2f97b	Remove MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-28 12:35:07 +01:00
Hanno Becker	b24e74bff7	Remove MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP error code Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-28 12:35:07 +01:00
Hanno Becker	d01fc5f583	Introduce MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE error code Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-28 12:35:07 +01:00
Hanno Becker	241c19707b	Remove MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-28 12:35:07 +01:00
Hanno Becker	bc00044279	Rename MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION New name is MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-28 12:35:07 +01:00
Hanno Becker	93636cce4a	Add MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-28 12:35:07 +01:00
Hanno Becker	2fe5f61e1a	Add generic codes for syntactic and semantic message parsing errors Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-28 12:35:07 +01:00
Bence Szépkúti	bb0cfeb2d4	Rename config.h to mbedtls_config.h This commit was generated using the following script: # ======================== #!/bin/sh git ls-files \| grep -v '^ChangeLog' \| xargs sed -b -E -i ' s/((check\|crypto\|full\|mbedtls\|query)_config)\.h/\1\nh/g s/config\.h/mbedtls_config.h/g y/\n/./ ' mv include/mbedtls/config.h include/mbedtls/mbedtls_config.h # ======================== Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2021-06-28 09:28:33 +01:00
Bence Szépkúti	c662b36af2	Replace all inclusions of config.h Also remove preprocessor logic for MBEDTLS_CONFIG_FILE, since build_info.h alreadyy handles it. This commit was generated using the following script: # ======================== #!/bin/sh git ls-files \| grep -v '^include/mbedtls/build_info\.h$' \| xargs sed -b -E -i ' /^#if !?defined$MBEDTLS_CONFIG_FILE$/i#include "mbedtls/build_info.h" //,/^#endif/d ' # ======================== Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2021-06-28 09:24:07 +01:00
Gilles Peskine	e9bc857327	Merge pull request #4552 from hanno-arm/mbedtls_3_0_key_export Implement modified key export API for Mbed TLS 3.0	2021-06-22 18:52:37 +02:00
Manuel Pégourié-Gonnard	3e7ddb2bb6	Merge pull request #4604 from gilles-peskine-arm/default-hashes-curves-3.0 Update the default hash and curve selection for X.509 and TLS	2021-06-22 12:08:37 +02:00
Manuel Pégourié-Gonnard	508d3a5824	Merge pull request #4664 from tom-daubney-arm/rm_truncated_HMAC_ext Remove truncated HMAC extension	2021-06-22 11:53:10 +02:00
Hanno Becker	d8f32e72b4	Move export callback and context to the end of SSL context This saves some code when compiling for Thumb, where access to fields with offset index > 127 requires intermediate address computations. Frequently used fields should therefore be located at the top of the structure, while less frequently used ones -- such as the export callback -- can be moved to the back. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-18 18:40:19 +01:00
Hanno Becker	e0dad720ee	Remove return value from key export callback Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-18 18:40:19 +01:00
Hanno Becker	7e6c178b6d	Make key export callback and context connection-specific Fixes #2188 Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-18 18:40:19 +01:00
Hanno Becker	22b34f75cd	Remote key export identifier used for TLS < 1.2. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-18 18:40:19 +01:00
Hanno Becker	ddc739cac4	Add missing documentation for key export callback parameters Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-18 18:40:19 +01:00
Hanno Becker	457d61602f	Define and implement new key export API for Mbed TLS 3.0 Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-18 18:40:19 +01:00
Hanno Becker	2d6e6f8fec	Remove '_ext' suffix from SSL key exporter API Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-18 18:40:19 +01:00
Hanno Becker	78ba2af7c2	Remove old key export API Seems to be an oversight that this wasn't marked deprecated. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-18 18:40:19 +01:00
Manuel Pégourié-Gonnard	9a32d45819	Merge pull request #4517 from hanno-arm/ticket_api_3_0 Implement 3.0-API for SSL session resumption	2021-06-18 18:34:45 +02:00
Hanno Becker	5c5b820352	Fix typo in doc'n of session resumption API Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-18 12:21:25 +01:00
Gilles Peskine	a03fb29666	Document backward compatibility promises for the default TLS profile Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-17 23:17:05 +02:00
Gilles Peskine	a28f0f5082	Leave the preference order for hashes unspecified We don't seem to have strong feelings about this, so allow ourselves to change the order later. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-17 21:46:29 +02:00
Gilles Peskine	b1940a76ad	In TLS, order curves by resource usage, not size TLS used to prefer larger curves, under the idea that a larger curve has a higher security strength and is therefore harder to attack. However, brute force attacks are not a practical concern, so this was not particularly meaningful. If a curve is considered secure enough to be allowed, then we might as well use it. So order curves by resource usage. The exact definition of what this means is purposefully left open. It may include criteria such as performance and memory usage. Risk of side channels could be a factor as well, although it didn't affect the current choice. The current list happens to exactly correspond to the numbers reported by one run of the benchmark program for "full handshake/s" on my machine. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-17 21:46:29 +02:00
Gilles Peskine	ae270bf386	Upgrade the default TLS hash and curve selection, matching X.509 Upgrade the default list of hashes and curves allowed for TLS. The list is now aligned with X.509 certificate verification: hashes and curves with at least 255 bits (Curve25519 included), and RSA 2048 and above. Remove MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE which would no longer do anything. Document more precisely what is allowed by default. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-17 21:46:14 +02:00
Manuel Pégourié-Gonnard	ad5390fc4f	Clarify that RNG parameters are mandatory in SSL No change here, these were already mandatory, it just wasn't explicit in the documentation. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-06-17 09:37:55 +02:00
Hanno Becker	ab4ecfcc2c	Improve wording of documentation of new session resumption API Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-17 05:12:16 +01:00
Thomas Daubney	d7171e9f59	Removes truncated HMAC code from ssl.h Commit removes conditionally compiled code relating to MBEDTLS_SSL_TRUNCATED_HMAC from ssl.h. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2021-06-16 16:26:59 +01:00
Gilles Peskine	cee21d76f1	Merge pull request #4606 from TRodziewicz/turn__SSL_SRV_RESPECT_CLIENT_PREFERENCE_config_opt_to_runtime_opt Turn _SSL_SRV_RESPECT_CLIENT_PREFERENCE config opt to a runtime opt	2021-06-14 19:03:28 +02:00
Ronald Cron	c4c761e35e	Merge remote-tracking branch 'mbedtls/development' into mbedtls_private_with_python Conflicts: include/mbedtls/ssl.h include/psa/crypto_struct.h Conflicts fixed by using the code from development branch and manually re-applying the MBEDTLS_PRIVATE wrapping.	2021-06-14 16:17:32 +02:00
TRodziewicz	3946f79cab	Correction according to code review (function and param. names change and docs rewording) Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-14 13:46:21 +02:00
TRodziewicz	8476f2f30a	Turn _SSL_SRV_RESPECT_CLIENT_PREFERENCE config option to a runtime option Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-14 11:56:20 +02:00

1 2 3 4 5 ...

583 Commits